Human-computer interaction (security)

HCISec is the study of interaction between humans and computers, or HCI, specifically as it pertains to information security. Its aim, in plain terms, is to improve the usability of security features in end user applications.

Unlike HCI, which has roots in the early days of Xerox PARC during the 1970s, HCISec is a nascent field of study by comparison. Not surprisingly, interest in this topic tracks with that of Internet security, which has become an area of broad public concern only in very recent years.

Historically, security features exhibit poor usability for reasons that include:

• they were added in casual afterthought
• they were hastily patched in to address newly discovered security bugs
• they address very complex use cases without the benefit of a software wizard
• their interface designers lacked understanding of related security concepts
• their interface designers were not usability experts (often meaning they were the application developers themselves)

Further reading

• "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable", by Simson Garfinkel